4. 4
Escalating IT Complexity …
SERVERS STORAGE NETWORKING
VITUALIZATION
INFRASTRUCTUR
E
APPLICATIONS
Identity
VPN
IP Phone
CUSTOM
APPLICATIONS
App Svr
DB
Web Svr SaaS/PaaS
IaaSPACKAGED
APPLICATIONS
HR
Email
Finance
5. 5
… Plaguing IT Operations
SERVERS STORAGE NETWORKING
VITUALIZATION
INFRASTRUCTUR
E
APPLICATIONS
Identity
VPN
IP Phone
CUSTOM
APPLICATIONS
App Svr
DB
Web Svr SaaS/PaaS
IaaSPACKAGED
APPLICATIONS
HR
Email
Finance
Complex, silo-based technologies
Disconnected and outdated point solutions
Reactive brute-force problem resolution
Over 80% of time on maintaining not innovating
6. 6
Industry Leading Platform for Machine Data
Any Machine Data
Online
Services Web
Services
Servers
Security GPS
Location
Storage
Desktops
Networks
Packaged
Applications
Custom
ApplicationsMessaging
Telecoms
Online
Shopping
Cart
Web
Clickstreams
Databases
Energy
Meters
Call Detail
Records
Smartphones
and Devices
RFID
Datacenter
Private
Cloud
Public
Cloud
Enterprise
Scalability
Search and
Investigation
Proactive
Monitoring
Operational
Visibility
Real-time
Business
Insights
Operational Intelligence
7. 7
Industry Leading Platform for Machine Data
Online
Services Web
Services
Servers
Security GPS
Location
Storage
Desktops
Networks
Packaged
Applications
Custom
ApplicationsMessaging
Telecoms
Online
Shopping
Cart
Web
Clickstreams
Databases
Energy
Meters
Call Detail
Records
Smartphones
and Devices
RFID
Datacenter
Private
Cloud
Public
Cloud
Enterprise
Scalability
Search and
Investigation
Proactive
Monitoring
Operational
Visibility
Real-time
Business
Insights
Operational Intelligence
Any amount, any location, any source
Schema-
on-the-fly
Universal
indexing
No
back-end
RDBMS
No need
to filter
data
Any Machine Data
8. 8
Developer Platform (REST API, SDKs)
The Focus
Application
Delivery
IT
Operations
Security,
Compliance,
and Fraud
Business
Analytics
Industrial Data
and the
Internet of Things
9. 9
Turning Machine Data Into Operational Intelligence
Reactive
Search
and
Investigate
Proactive
Monitoring
and Alerting
Operational
Visibility
Proactive
Real-time
Business
Insight
10. 10
Troubleshooting
Find and fix problems faster
Reduce
MTTR
Improve End User
Experience
Reduce Costs
Greater IT
productivity
11. 11
Troubleshooting
Find and fix problems faster
Reduce
MTTR
Improve End User
Experience
Reduce Costs
Greater IT
productivity
No more grepping through logs
End-to-end correlation
12. Monitoring
Find and fix problems before it becomes a problem
Increased uptime
Trends in real time
and Historical Data
Powerful
Visualizations
Alerting and
notifications
14. 14
Splunk Apps & Add-ons
Plug-ins, templates and apps accelerate value from machine data
No rigid schemas – Add in data from any source.
API
SDKs UI
Server, Storage,
Network
Server
Virtualization
Operating
Systems
Custom
Applications
Business
Applications
Cloud
Services
App Performance
Monitoring
Ticketing and
Others
Web Intelligence
Mobile
Applications
Stream
15. 15
Apps Provide Deep Insights By Role
Find and resolve problems fast in individual technology areas
Exchange Admin
Service health
Performance
Message Tracking
VMware/Win/L
inux Admin
Infrastructure health
Performance
Anomalies/outliers
Storage Admin
Infrastructure health
Performance
Anomalies/outliers
16.
17. What We Are Hearing From Our Customers:
“My CIO is demanding we look at IT from a business service perspective.”
“Splunk is great for break-fix, but I need to show we’re meeting SLAs.”
“I need everyone to be able to see the same thing at the same time.”
“I just want to throw data at Splunk and have it find problems for me.”
“Show me what my data can do for me!”
21. 21
What is a Service?
Service
In Splunk ITSI, a Service is a logical group of technology components
that a user deems need to be monitored together.
It can often be generalized as a “black box” which we send requests
and expect responses.
Requests
Responses
22. 22
What is a Service?
Technical Services
Auth
Web
DNS
Requests
Responses
Requests
Responses
Requests
Responses
Services can be technology-centric …
23. 23
What is a Service?
… and business-centric
Business Services
Support Desk
Customer
Transactions
Requests
Responses
Requests
Responses
Technical Services
Auth
Web
DNS
Requests
Responses
Requests
Responses
Requests
Responses
24. 24
What is a Service?
Packet Network
Hypervisor and Hosts
RBMDBs
Storage Tier
API Services
Web Services
CustomerTransactions
Mobile
API/Middlewar
e
PartnerPortal
DNS
Services can encompass multiple tiers of the IT domain and
may also depend upon other services/micro-services
25. 25
What is a KPI?
KPI: Number of requests
KPI: Error rate
KPI: Average response time
KPI: Servicer CPU load
KPI: Server network I/O errors
KPI: Number of transactions
KPI: Error rate
KPI: Average response time
KPI: Count of incident tickets
KPI: Synthetic trans health
DNS
Requests
Responses
KPIs and health scores constitute the means by which Services are monitored
Customer
Transactions
Requests
Responses
26. 26
Key Performance Indicators (KPIs)
KPI: A Splunk saved search defined in Splunk ITSI that helps monitor a specific
field like CPU, Memory and so on. KPIs are contained within Services.
27. 27
Service Health Scores
A health score is a score from 0-100 that determine the health of a Service.
It is calculated based on all KPIs’ importance and its status once every minute.
30. 30
Glass Tables
Glass Tables: Customizable free form drawing dashboards to view health
scores and KPIs of choice with visual tools to create context
31. 31
Deep Dives
Deep Dives: Swim lane analysis dashboard to show all those indicators
over time for investigations
35. 35
What Makes Splunk ITSI Different?
Search-BasedKPIs
• Easy to write, manage and
change both services and KPIs
• Reflects business and
technology priorities
• Benefit: Rapidly generate and
change KPIs to align service
health with business
Fiserv – 1000s in just
weeks
FullFidelityServiceHealth
• Adaptable and flexible
definitions of service health
• One solution to go
seamlessly from service
reports to root cause,
including raw data
• Remains adaptable and yet
still maintains complete
historical context
UniversalDataPlatform
• Data driven: All IT data
including events, metrics
and logs
• Schema on-the-Fly
Ask any question of
the data
• Fast time to value
• Data fidelity
37. 37
Why Enterprises Use Splunk for IT Operations
Increased Uptime
to 99.9%
Availability
Reduced MTTR
from 2-3 days to
few minutes
Improved Margins
by protecting millions
in ad-revenue
Consolidated Tools
by retiring 27
monitoring solutions
Optimized Capacity
by saving $500K in
SW, HW & licenses
Drives Innovation
with usage analytics on
product features
38. 38
Unified insights: data
integrations from other tools
11,000 to 100s
Reduced incident
tickets
Alerting on service
KPI’s instead of
server performance
Usage baselines to
identify anomalies
Splunk IT Service Intelligence at
39. 39
Server-based to
Services-based
monitoring
Top-down and deep-
dive service insights
200+ services and
1500+ KPIs
monitored
Flexible creation and
modification of
services and KPIs
Alerting on service
KPIs instead of server
performance
Real-time, holistic
and proactive
“client” view
Splunk IT Service Intelligence at
40. 40
Splunk IT Service Intelligence at
Replaced home-
grown tools
Real-time service
insights to LOBs
Reduced time to
resolution
45. 45
We Want To Hear Your Feedback!
After the Breakout Sessions conclude
Text Splunk to 20691
And be entered for a chance to win a $100 AMEX gift card!
Explosion of technologies
IoT, mobile, distributed apps, virtualization.
Increased efficiency and utilization
BUT escalating IT complexity
Lots of disparate and complex and siloed based solutions
Requires a war room for RCA or product launch
There may be blamestorming / finger-pointing
Takes hours and hours
No RCA, so apply brute force workaround and restart the system
IT is busy keeping the the lights on or fighting fires
Collecting, searching, monitoring and analyzing machine data and getting operational intelligence.
Monitor data in real-time (as the data is streaming) and historical data.
Collects data securely and reliably in any format.
It is centralized with RBAC.
Troubleshoot problems and investigate security incidents in minutes (not hours or days).
Monitor end-to-end
Gain insights into customer experience, transactions and behavior.
No need to understand your data upfront or have a predefined schema and requirements.
We have our own map reduced-based, high speed data index and retrieval mechanism.
No database in the backend as we apply schema on the fly.
No custom connecters
Scale from a single server to petabytes of data on your commodity hardware.
And you can store data in the cloud
Expand from there into security, capacity planning applications management
We are creating intelligence on top of the data therefore easy scaling.
Customers start in one of these 5 areas and traverses each of these 5 areas.
Both IT and business professionals can analyze machine data to get real-time visibility and operational intelligence.
Improve their performance, meet SLAs, reduce costs, mitigate security risks, maintain compliance and gain insights.
Today we are going to focus on some of the major use cases and values related to the IT Operations space.
This maturity model is a great template when it comes to how Splunk is utilized.
Search and investigation. One place to find and fix problems faster and reduce escalations.
Proactive monitoring. Monitor IT systems in real time to identify issues before they impact your customers, services and revenue. Trigger notifications in real-time via email or RSS, execute a script to take remedial actions, send an SNMP trap to your system management console or generate a service desk ticket.
Operational visibility. See the whole picture, and make better decisions. Visualize trends to better plan for capacity; spot SLA infractions, track how you are being measured by the business.
Real-time business insight. Beyond operational visibility. See the success of a new campaign or service, reconcile 3rd-party service provider fees against actual use, find your heaviest users and heaviest abusers, and more.
Because machine data captures every behavior, the possibilities are game changing. You'll find the lead times to get to this intelligence dramatically less than other solutions - measured in minutes/hours instead of months.
Who is at Search and Investigate? Raise your Hands. Proactive Monitoring and Alerting? Raise your Hands. Operational Visibility? Raise your Hands. Real-time Business Insight? Raise your Hands.
Who thinks it makes sense for all of us to have our business at Real-time Business Insight? Why?
So how do we get there?
Reduce MTTR
Time series
Flexible search and drill down
No more grepping through logs
Correlate data from all levels/layers of the stack
Increase uptime
See trends of realtime data and historical data
Powerful visualizations
Alerting
Splunk has evolved from an engine --> a platform for machine data
Apps & add-ons help you collect, analyze and harness data from every layer of your technology stack.
Built by our customers, technology partners such as Cisco, NetApp, or others and Splunk employees.
We are a platform -- easy to get data into Splunk and out of Splunk AND complementary
In addition to prebuilt apps, customers can also build their own using our REST API and SDKs.
Splunk apps simply help you get to the point faster where you can see correlations and comparisons of machine data ACROSS silos.
Check out Splunkbase for more integrations
We also recently introduced the 2 new offerings- the Splunk App for Stream (stemming from the acquisition of Cloudmeter) and MINT (Mobile Intelligence) that stems from our acquisition of Bugsense.
The Splunk App for captures real-time streaming wire data
And Splunk MINT helps you gain visibility into mobile app performance and quality, so you can deliver better mobile apps
The main value from the apps is providing context for data from silos and making it available inside Splunk for correlation with other data from other silos.
With Apps, you can accelerate insights into specific issue or a problem area. For example if you are focusing on Exchange, you want to understand what is the service health are messages going through, do I have any security issues. If you are a Virtualization or storage admin, you want to understand what is going on with your infrastructure, Am I forecasting proper resources for capacity growth? How are my applications affected by storage latency? Do I have enough storage capacity? Our Apps can provide you with these insights since we have visibility into specific siloes.
Splunk is a scalable platform
Initially founded on enabling IT administrators to solve IT challenges
Led by our customers, we’ve gone from Application Management, Security and Compliance
TO use cases around Business Analytics and IoT
Here are some of our customers’ asks today; and so we’ve evolved Splunk to adapt.
Reuse the data to up-level their insights.
To immediately address the operational problems but also gain visibility into whether they are meeting SLA’s
And what impact performance is having to the business.
That brings us to Splunk IT Service Intelligence – a packaged solution that enables real-time visibility into services driven by machine data.
Splunk ITSI simplifies service monitoring and analytics and enables IT to WORK SMARTER, NOT HARDER
With Splunk ITSI, you have real-time views into the health of your SERVICES, and can use advanced analytics to find patterns, detect anomalies and trends to proactively monitor and address issues.
As a result you have improved service visibility, reduced resolution times, and a transformative approach to monitoring and analytics driven by machine-data.
ITSI does not require months of implementation.
As your business evolves you can update and customize your views, too.
Secondly, the solution uses machine learning to detect anomalies, identify baselines and have the system dynamically adapt thresholds.
There are pre-defined, cross KPI correlations and more. Essentially, we’re transforming the approach to monitoring with analytics driven by machine data.
Lastly, and very much to the response of our customers, we wanted to address the need for IT to align with the business.
With Splunk ITSI, we enable both IT and the business stakeholders of various services to gain real-time insights into critical performance indicators, in a way that makes most sense to them.
A services can literally be sources of data a customer wants to group together to monitor in a single healthscore or just wants to logically group together because they need to be managed by a specific team or needs to be reported in such a way.
Customer transactions, support desk, or other business units
For example, a Partner portal is a conceptual service which depends on the API service which in turn has its own KPIs but depends on Web Services.
Alternatively you could have Partner portal depend on each and every one in blue, or not even have all the ones in blue and have all the Kpis be inside Partner portal.
Everything you see in the diagram above could be a service in ITSI.
Identify and configure those critical KPIs, like # of requests, error rates, response times, etc.
KPIs are created by the user and the user has to define which Splunk field to monitor, what stat operations to use (e.g. avg cpu, max cpu etc.) …
… what the thresholds for good bad ugly should be, what the frequency of monitoring that field should be and how important it is towards the health of the service.
These are the 4 main dashboards that are in ITSI, SA is for the quick view and quick filtering to see only the Services and KPIs of choice,
Glass table is for those who want to represent their own workflow and want to take the time to make things look pretty.
Deep Dive is for the investigative work when things go wrong,
Multi KPI alerts is to build alerts for when there is a desire to be alerted by email or just view the notable event review dashboard (like Incident review in ES).
Think ES when talking about notable events. They are nearly identical to ES notable events other than the fact that they are some other fields like Service and the actions you can perform on them are a little different. Like going to Deep Dive or creating ticket in service now. The correlation searches that create these notable events can be designed through the correlation search interface like in ES, or through the Multi KPI alert UI. They are stored in the notable events summary index.
WHY ITSI? Service Owners tell us that they determine Service Health through summarized events that have limited retention time.
The business impact here surrounds the time and expense in identifying root cause and fixing the problem.
<click> To address this, Splunk ITSI delivers a 360 degree view of service health from one place. We call this Full Fidelity Service Health.
<click> Search Based KPIs deliver a flexible way to impose schema only at retrieval, without a pre-defined schema or hard coded collectors.
Often there are new KPIs or change existing ones that need to align with business and technology priorities.
See benefits from customers are getting from Splunk
Quest Diagnostics – process $1M in one hour; reliant on manual perl & unix data. Now they can monitor app availability and infrastructure with increased up-times of 99%
Safeway – uses Splunk as a centralized platform to monitor their data. Saved $$ by consolidating their monitoring
DirectTV – introduced NFL streaming service not realizing the impact on the infrastructure. Spent ~150k to beef up the servers and that still did not help. Now able to dynamically adapt their infrastructure to the services they are offering.
Vodafone is the world’s second largest telecommunications company and provides voice, messaging, data, and fixed communications to over 400 million customers.
The IT operations team lacked visibility into the health and performance of the services that were rolling out.
ITSI is integrated with HP Business Service Management and Remedy systems
Gain end-to-end visibility of the performance and behavior of their IT services,
improve the performance and uptime of critical services
Reducing the number of incident tickets opened every day from over 11,000 to hundreds
improving customer satisfaction and reducing support costs
Fiserv is a global financial services technology provider behind essential services such as mobile and online banking, payments, risk management, data analytics and core account processing.
No consistent monitoring approach
Frustrated with too many tools,
Fiserv needed a way to quickly react to changing environment conditions to alert and prevent reoccurring events BEFORE they happened.
Enter Splunk IT Service Intelligence –
Deliver service based monitoring in a much shorter time frame
Empower a tier 1 user with a tool kit to triage and act as a higher tier
Easily correlate issues through a drill down and determine cause vs effect and then dive right into the logs
With Splunk IT Service Intelligence, the Fiserv team is able to collect and process data from multiple sources and locations and integrate that data into an existing incident management process.
…all within 90 days from inception to delivery.
AdvancedMD is a leading provider of cloud-based, software solutions for independent physician practices.
As a critical part of their business, AdvancedMD must closely monitor the delivery of its services to up to 15,000 users who log into its systems daily.
Existing monitoring tools could not provide an end-to-end view of the services they needed to maintain, particularly their claims service.
Using ITSI to monitor the end-to-end health of their claims service, which spans multiple systems and environments, and is critical to their business.
Reduce MTTR
Replace brittle home-grown monitoring tools
Improve the uptime and reliability.
“Splunk IT Service Intelligence was delivering insights days after installing, instead of the months it can take legacy monitoring solutions. Splunk ITSI helps us ensure that the claims service stays up and running at all times.” - Tyler Germer, director of information technology, AdvancedMD.
Splunk provides a platform for IT and the business to gain visibility, insights and intelligence from all machine data
Strong ecosystem of apps to deliver end-to-end operational visibility enabling IT to reduce costs, consolidate tools and eliminate silos
Splunk delivers Operational Intelligence allowing IT to go beyond troubleshooting & maintenance to enabling business insights and continual growth
We’re headed to the East Coast!
2 inspired Keynotes – General Session and Security Keynote + Super Sessions with Splunk Leadership in Cloud, IT Ops, Security and Business Analytics!
165+ Breakout sessions addressing all areas and levels of Operational Intelligence – IT, Business Analytics, Mobile, Cloud, IoT, Security…and MORE!
30+ hours of invaluable networking time with industry thought leaders, technologists, and other Splunk Ninjas and Champions waiting to share their business wins with you!
Join the 50%+ of Fortune 100 companies who attended .conf2015 to get hands on with Splunk. You’ll be surrounded by thousands of other like-minded individuals who are ready to share exciting and cutting edge use cases and best practices. You can also deep dive on all things Splunk products together with your favorite Splunkers.
Head back to your company with both practical and inspired new uses for Splunk, ready to unlock the unimaginable power of your data! Arrive in Orlando a Splunk user, leave Orlando a Splunk Ninja!
REGISTRATION OPENS IN MARCH 2016 – STAY TUNED FOR NEWS ON OUR BEST REGISTRATION RATES – COMING SOON!